FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Joomla! -- multiple vulnerabilities

Affected packages
1.6.0 <= joomla3 < 3.6.1

Details

VuXML ID: f0806cad-c7f1-11e6-ae1b-002590263bf5
Discovery: 2016-08-03
Entry: 2016-12-22

The JSST and the Joomla! Security Center report:

[20160801] - Core - ACL Violation

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

[20160802] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in mail component.

[20160803] - Core - CSRF

Add additional CSRF hardening in com_joomlaupdate.

References

URL: https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html
URL: https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html
URL: https://developer.joomla.org/security-centre/654-20160803-core-csrf.html
URL: https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html